End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Content-Aware Multimedia Communications

The demands for fast, economic and reliable dissemination of multimedia information are steadily growing within our society. While people and economy increasingly rely on communication technologies, engineers still struggle with their growing complexity. Complexity in multimedia communication originates from several sources. The most prominent is the unreliability of packet networks like the Internet. Recent advances in scheduling and error control mechanisms for streaming protocols have shown that the quality and robustness of multimedia delivery can be improved significantly when protocols are aware of the content they deliver. However, the proposed mechanisms require close cooperation between transport systems and application layers which increases the overall system complexity. Current approaches also require expensive metrics and focus on special encoding formats only. A general and efficient model is missing so far. This thesis presents efficient and format-independent solutions to support cross-layer coordination in system architectures. In particular, the first contribution of this work is a generic dependency model that enables transport layers to access content-specific properties of media streams, such as dependencies between data units and their importance. The second contribution is the design of a programming model for streaming communication and its implementation as a middleware architecture. The programming model hides the complexity of protocol stacks behind simple programming abstractions, but exposes cross-layer control and monitoring options to application programmers. For example, our interfaces allow programmers to choose appropriate failure semantics at design time while they can refine error protection and visibility of low-level errors at run-time. Based on some examples we show how our middleware simplifies the integration of stream-based communication into large-scale application architectures. An important result of this work is that despite cross-layer cooperation, neither application nor transport protocol designers experience an increase in complexity. Application programmers can even reuse existing streaming protocols which effectively increases system robustness.Der Bedarf unsere Gesellschaft nach kostengünstiger und zuverlässiger Kommunikation wächst stetig. Während wir uns selbst immer mehr von modernen Kommunikationstechnologien abhängig machen, müssen die Ingenieure dieser Technologien sowohl den Bedarf nach schneller Einführung neuer Produkte befriedigen als auch die wachsende Komplexität der Systeme beherrschen. Gerade die Übertragung multimedialer Inhalte wie Video und Audiodaten ist nicht trivial. Einer der prominentesten Gründe dafür ist die Unzuverlässigkeit heutiger Netzwerke, wie z.B.~dem Internet. Paketverluste und schwankende Laufzeiten können die Darstellungsqualität massiv beeinträchtigen. Wie jüngste Entwicklungen im Bereich der Streaming-Protokolle zeigen, sind jedoch Qualität und Robustheit der Übertragung effizient kontrollierbar, wenn Streamingprotokolle Informationen über den Inhalt der transportierten Daten ausnutzen. Existierende Ansätze, die den Inhalt von Multimediadatenströmen beschreiben, sind allerdings meist auf einzelne Kompressionsverfahren spezialisiert und verwenden berechnungsintensive Metriken. Das reduziert ihren praktischen Nutzen deutlich. Außerdem erfordert der Informationsaustausch eine enge Kooperation zwischen Applikationen und Transportschichten. Da allerdings die Schnittstellen aktueller Systemarchitekturen nicht darauf vorbereitet sind, müssen entweder die Schnittstellen erweitert oder alternative Architekturkonzepte geschaffen werden. Die Gefahr beider Varianten ist jedoch, dass sich die Komplexität eines Systems dadurch weiter erhöhen kann. Das zentrale Ziel dieser Dissertation ist es deshalb, schichtenübergreifende Koordination bei gleichzeitiger Reduzierung der Komplexität zu erreichen. Hier leistet die Arbeit zwei Beträge zum aktuellen Stand der Forschung. Erstens definiert sie ein universelles Modell zur Beschreibung von Inhaltsattributen, wie Wichtigkeiten und Abhängigkeitsbeziehungen innerhalb eines Datenstroms. Transportschichten können dieses Wissen zur effizienten Fehlerkontrolle verwenden. Zweitens beschreibt die Arbeit das Noja Programmiermodell für multimediale Middleware. Noja definiert Abstraktionen zur Übertragung und Kontrolle multimedialer Ströme, die die Koordination von Streamingprotokollen mit Applikationen ermöglichen. Zum Beispiel können Programmierer geeignete Fehlersemantiken und Kommunikationstopologien auswählen und den konkreten Fehlerschutz dann zur Laufzeit verfeinern und kontrolliere

A P2P Platform for real-time multicast video streaming leveraging on scalable multiple descriptions to cope with bandwidth fluctuations

In the immediate future video distribution applications will increase their diffusion thanks tothe ever-increasing user capabilities and improvements in the Internet access speed and performance.The target of this paper is to propose a content delivery system for real-time streaming services based ona peer-to-peer approach that exploits multicast overlay organization of the peers to address thechallenges due to bandwidth heterogeneity. To improve reliability and flexibility, video is coded using ascalable multiple description approach that allows delivery of sub-streams over multiple trees andallows rate adaptation along the trees as the available bandwidth changes. Moreover, we have deployeda new algorithm for tree-based topology management of the overlay network. In fact, tree based overlaynetworks better perform in terms of end-to-end delay and ordered delivery of video flow packets withrespect to mesh based ones. We also show with a case study that the proposed system works better thansimilar systems using only either multicast or multiple trees

3D spatio-temporal analysis for compressive sensing in magnetic resonance imaging of the murine cardiac cycle

This thesis consists of two major contributions, each of which has been prepared in a conference paper. These papers will be submitted for publication in the SPIE 2013 Medical Imaging Conference and the ASEE 2013 Annual Conference. The first paper explores a three-dimensional compressive sensing (CS) technique for reducing measurement time in MR imaging of the murine (mouse) cardiac cycle. By randomly undersampling a single 2D slice of a mouse heart at regular time intervals as it expands and contracts through the stages of a heartbeat, a CS reconstruction algorithm can be made to exploit transform sparsity in time as well as space. For the purposes of measuring the left ventricular volume in the mouse heart, this 3D approach offers significant advantages against classical 2D spatial compressive sensing. The second paper describes the modification and testing of a set of laboratory exercises for developing an undergraduate level understanding of Simulink. An existing partial set of lab exercises for Simulink was obtained and improved considerably in pedagogical utility, and then the completed set of pilot exercises was taught as a part of a communications course at the Missouri University of Science and Technology in order to gauge student responses and learning experiences. In this paper, the content of the laboratory exercises with corresponding educational approaches are discussed, along with student feedback and future improvements. --Abstract, page iv

Experimental Study of Multirate Margin in Software Defined Multirate Radio

Due to the recent development of spectrally-efficient modulation schemes, IEEE 802.11 Wifi and IEEE 802.16 WiMax radios support wireless communication at multiple bit rates. While high-rate transmission allows delivering more information in less time, the corresponding performance improvement is less than expected due to the PHY- and MAC-layer overheads, imposed by the 802.11/16 standards. This is particularly true in wireless ad hoc networks as there exist rate-distance and rate-hop count tradeoffs. The concept of multi-rate margin is proposed in this thesis, which exploits the difference in communication characteristics at different rates and serves as the fundamental ingredient for an opportunistic transmission protocol, targeted to meliorate the ad hoc mobile wireless network performance. In this thesis, the multi-rate margin is analyzed with theoretical derivation, perceived with simulation result using MATLAB and observed through real world testing using USRP and GNU Radio, which is a recent implementation of Software Defined Radi

Network streaming and compression for mixed reality tele-immersion

Bulterman, D.C.A. [Promotor]Cesar, P.S. [Copromotor

Adaptive Communications for Next Generation Broadband Wireless Access Systems

Un dels aspectes claus en el disseny i gestió de les xarxes sense fils d'accés de banda ampla és l'ús eficient dels recursos radio. Des del punt de vista de l'operador, l'ample de banda és un bé escàs i preuat que s´ha d'explotar i gestionar de la forma més eficient possible tot garantint la qualitat del servei que es vol proporcionar. Per altra banda, des del punt de vista del usuari, la qualitat del servei ofert ha de ser comparable al de les xarxes fixes, requerint així un baix retard i una baixa pèrdua de paquets per cadascun dels fluxos de dades entre la xarxa i l'usuari. Durant els darrers anys s´han desenvolupat nombroses tècniques i algoritmes amb l'objectiu d'incrementar l'eficiència espectral. Entre aquestes tècniques destaca l'ús de múltiples antenes al transmissor i al receptor amb l'objectiu de transmetre diferents fluxos de dades simultaneament sense necessitat d'augmentar l'ample de banda. Per altra banda, la optimizació conjunta de la capa d'accés al medi i la capa física (fent ús de l'estat del canal per tal de gestionar de manera optima els recursos) també permet incrementar sensiblement l'eficiència espectral del sistema.L'objectiu d'aquesta tesi és l'estudi i desenvolupament de noves tècniques d'adaptació de l'enllaç i gestió dels recursos ràdio aplicades sobre sistemes d'accés ràdio de propera generació (Beyond 3G). Els estudis realitzats parteixen de la premissa que el transmisor coneix (parcialment) l'estat del canal i que la transmissió es realitza fent servir un esquema multiportadora amb múltiples antenes al transmisor i al receptor. En aquesta tesi es presenten dues línies d'investigació, la primera per casos d'una sola antenna a cada banda de l'enllaç, i la segona en cas de múltiples antenes. En el cas d'una sola antena al transmissor i al receptor, un nou esquema d'assignació de recursos ràdio i priorització dels paquets (scheduling) és proposat i analitzat integrant totes dues funcions sobre una mateixa entitat (cross-layer). L'esquema proposat té com a principal característica la seva baixa complexitat i que permet operar amb transmissions multimedia. Alhora, posteriors millores realitzades per l'autor sobre l'esquema proposat han permès també reduir els requeriments de senyalització i combinar de forma óptima usuaris d'alta i baixa mobilitat sobre el mateix accés ràdio, millorant encara més l'eficiència espectral del sistema. En cas d'enllaços amb múltiples antenes es proposa un nou esquema que combina la selecció del conjunt optim d'antenes transmissores amb la selecció de la codificació espai- (frequència-) temps. Finalment es donen una sèrie de recomanacions per tal de combinar totes dues línies d'investigació, així con un estat de l'art de les tècniques proposades per altres autors que combinen en part la gestió dels recursos ràdio i els esquemes de transmissió amb múltiples antenes.Uno de los aspectos claves en el diseño y gestión de las redes inalámbricas de banda ancha es el uso eficiente de los recursos radio. Desde el punto de vista del operador, el ancho de banda es un bien escaso y valioso que se debe explotar y gestionar de la forma más eficiente posible sin afectar a la calidad del servicio ofrecido. Por otro lado, desde el punto de vista del usuario, la calidad del servicio ha de ser comparable al ofrecido por las redes fijas, requiriendo así un bajo retardo y una baja tasa de perdida de paquetes para cada uno de los flujos de datos entre la red y el usuario. Durante los últimos años el número de técnicas y algoritmos que tratan de incrementar la eficiencia espectral en dichas redes es bastante amplio. Entre estas técnicas destaca el uso de múltiples antenas en el transmisor y en el receptor con el objetivo de poder transmitir simultáneamente diferentes flujos de datos sin necesidad de incrementar el ancho de banda. Por otro lado, la optimización conjunta de la capa de acceso al medio y la capa física (utilizando información de estado del canal para gestionar de manera óptima los recursos) también permite incrementar sensiblemente la eficiencia espectral del sistema.El objetivo de esta tesis es el estudio y desarrollo de nuevas técnicas de adaptación del enlace y la gestión de los recursos radio, y su posterior aplicación sobre los sistemas de acceso radio de próxima generación (Beyond 3G). Los estudios realizados parten de la premisa de que el transmisor conoce (parcialmente) el estado del canal a la vez que se considera que la transmisión se realiza sobre un sistema de transmisión multiportadora con múltiple antenas en el transmisor y el receptor. La tesis se centra sobre dos líneas de investigación, la primera para casos de una única antena en cada lado del enlace, y la segunda en caso de múltiples antenas en cada lado. Para el caso de una única antena en el transmisor y en el receptor, se ha desarrollado un nuevo esquema de asignación de los recursos radio así como de priorización de los paquetes de datos (scheduling) integrando ambas funciones sobre una misma entidad (cross-layer). El esquema propuesto tiene como principal característica su bajo coste computacional a la vez que se puede aplicar en caso de transmisiones multimedia. Posteriores mejoras realizadas por el autor sobre el esquema propuesto han permitido también reducir los requisitos de señalización así como combinar de forma óptima usuarios de alta y baja movilidad. Por otro lado, en caso de enlaces con múltiples antenas en transmisión y recepción, se presenta un nuevo esquema de adaptación en el cual se combina la selección de la(s) antena(s) transmisora(s) con la selección del esquema de codificación espacio-(frecuencia-) tiempo. Para finalizar, se dan una serie de recomendaciones con el objetivo de combinar ambas líneas de investigación, así como un estado del arte de las técnicas propuestas por otros autores que combinan en parte la gestión de los recursos radio y los esquemas de transmisión con múltiples antenas.In Broadband Wireless Access systems the efficient use of the resources is crucial from many points of views. From the operator point of view, the bandwidth is a scarce, valuable, and expensive resource which must be exploited in an efficient manner while the Quality of Service (QoS) provided to the users is guaranteed. On the other hand, a tight delay and link quality constraints are imposed on each data flow hence the user experiences the same quality as in fixed networks. During the last few years many techniques have been developed in order to increase the spectral efficiency and the throughput. Among them, the use of multiple antennas at the transmitter and the receiver (exploiting spatial multiplexing) with the joint optimization of the medium access control layer and the physical layer parameters.In this Ph.D. thesis, different adaptive techniques for B3G multicarrier wireless systems are developed and proposed focusing on the SS-MC-MA and the OFDM(A) (IEEE 802.16a/e/m standards) communication schemes. The research lines emphasize into the adaptation of the transmission having (Partial) knowledge of the Channel State Information for both; single antenna and multiple antenna links. For single antenna links, the implementation of a joint resource allocation and scheduling strategy by including adaptive modulation and coding is investigated. A low complexity resource allocation and scheduling algorithm is proposed with the objective to cope with real- and/or non-real- time requirements and constraints. A special attention is also devoted in reducing the required signalling. However, for multiple antenna links, the performance of a proposed adaptive transmit antenna selection scheme jointly with space-time block coding selection is investigated and compared with conventional structures. In this research line, mainly two optimizations criteria are proposed for spatial link adaptation, one based on the minimum error rate for fixed throughput, and the second focused on the maximisation of the rate for fixed error rate. Finally, some indications are given on how to include the spatial adaptation into the investigated and proposed resource allocation and scheduling process developed for single antenna transmission

The SoftPHY Abstraction: from Packets to Symbols in Wireless Network Design

At ever-increasing rates, we are using wireless systems to communicatewith others and retrieve content of interest to us. Current wirelesstechnologies such as WiFi or Zigbee use forward error correction todrive bit error rates down when there are few interferingtransmissions. However, as more of us use wireless networks toretrieve increasingly rich content, interference increases inunpredictable ways. This results in errored bits, degradedthroughput, and eventually, an unusable network. We observe that thisis the result of higher layers working at the packet granularity,whereas they would benefit from a shift in perspective from wholepackets to individual symbols.From real-world experiments on a 31-node testbed of Zigbee andsoftware-defined radios, we find that often, not all of the bitsin corrupted packets share fate. Thus, today's wireless protocolsretransmit packets where only a small number of the constituent bitsin a packet are in error, wasting network resources. In thisdissertation, we will describe a physical layer that passesinformation about its confidence in each decoded symbol up to higherlayers. These SoftPHY hints have many applications, one ofwhich, more efficient link-layer retransmissions, we will describe indetail. PP-ARQ is a link-layer reliable retransmission protocolthat allows a receiver to compactly encode a request forretransmission of only the bits in a packet that are likely in error.Our experimental results show that PP-ARQ increases aggregate networkthroughput by a factor of approximately 2x under variousconditions. Finally, we will place our contributions in the contextof related work and discuss other uses of SoftPHY throughout thewireless networking stack